'use strict';
+const ALG = {
+ __proto__: null,
+
+ AES_256_GCM: 'aes-256-gcm',
+ CHACHA20_POLY1305: 'chacha20-poly1305',
+ XCHACHA20_POLY1305: 'xchacha20-poly1305',
+};
+
+const KD = {
+ __proto__: null,
+
+ SCRYPT: 'scrypt',
+ SHAKE256: 'shake256',
+ BLAKE2B512: 'blake2b512',
+};
+
/**
* Supported packings/cipher types.
* To be useful, any cipher included here must be Authenticated Encryption with Additional Data (AEAD).
* More preferable versions are numbered higher.
*/
const allVersions = {
+ __proto__: null,
+
+ // 0: {} There is no version zero
+
1: {
version: 1,
- algorithm: 'aes-256-gcm',
+ algorithm: ALG.AES_256_GCM,
algOptions: {},
versionBytes: 1,
flagsBytes: 1,
ivBytes: 12,
saltBytes: 16,
tagBytes: 16,
+ keyDeriver: KD.SCRYPT,
keyBytes: 32,
},
2: {
version: 2,
- algorithm: 'chacha20-poly1305', // Prefer this over NIST because we stan djb
+ algorithm: ALG.CHACHA20_POLY1305,
algOptions: {
authTagLength: 16,
},
ivBytes: 12,
saltBytes: 16,
tagBytes: 16,
+ keyDeriver: KD.SCRYPT,
keyBytes: 32,
},
3: {
version: 3,
- algorithm: 'xchacha20-poly1305', // Not yet available...
+ algorithm: ALG.XCHACHA20_POLY1305, // Not yet available, but would prefer even more...
+ algOptions: {
+ authTagLength: 16,
+ },
+ versionBytes: 1,
+ flagsBytes: 1,
+ ivBytes: 24,
+ saltBytes: 16,
+ tagBytes: 16,
+ keyDeriver: KD.SCRYPT,
+ keyBytes: 32,
+ },
+ 4: {
+ version: 4,
+ algorithm: ALG.AES_256_GCM,
+ algOptions: {},
+ versionBytes: 1,
+ flagsBytes: 1,
+ ivBytes: 12,
+ saltBytes: 16,
+ tagBytes: 16,
+ keyDeriver: KD.SHAKE256,
+ keyBytes: 32,
+ },
+ 5: {
+ version: 5,
+ algorithm: ALG.CHACHA20_POLY1305,
+ algOptions: {
+ authTagLength: 16,
+ },
+ versionBytes: 1,
+ flagsBytes: 1,
+ ivBytes: 12,
+ saltBytes: 16,
+ tagBytes: 16,
+ keyDeriver: KD.SHAKE256,
+ keyBytes: 32,
+ },
+ 6: {
+ version: 6,
+ algorithm: ALG.XCHACHA20_POLY1305, // Not yet available, but would prefer even more...
+ algOptions: {
+ authTagLength: 16,
+ },
+ versionBytes: 1,
+ flagsBytes: 1,
+ ivBytes: 24,
+ saltBytes: 16,
+ tagBytes: 16,
+ keyDeriver: KD.SHAKE256,
+ keyBytes: 32,
+ },
+ 7: {
+ version: 7,
+ algorithm: ALG.AES_256_GCM,
+ algOptions: {},
+ versionBytes: 1,
+ flagsBytes: 1,
+ ivBytes: 12,
+ saltBytes: 16,
+ tagBytes: 16,
+ keyDeriver: KD.BLAKE2B512,
+ keyBytes: 32,
+ },
+ 8: {
+ version: 8,
+ algorithm: ALG.CHACHA20_POLY1305,
+ algOptions: {
+ authTagLength: 16,
+ },
+ versionBytes: 1,
+ flagsBytes: 1,
+ ivBytes: 12,
+ saltBytes: 16,
+ tagBytes: 16,
+ keyDeriver: KD.BLAKE2B512,
+ keyBytes: 32,
+ },
+ 9: {
+ version: 9,
+ algorithm: ALG.XCHACHA20_POLY1305, // Not yet available, but would prefer even more...
algOptions: {
authTagLength: 16,
},
ivBytes: 24,
saltBytes: 16,
tagBytes: 16,
+ keyDeriver: KD.BLAKE2B512,
+ keyBytes: 32,
+ },
+ // Prior to version 10, flags were part of tagged data.
+ // Version 10 and later, flags are part of encrypted data, to leak no hints of content.
+ // Configurations for versions 10 through 19 are duplicates of the legacy 1 through 9.
+ 10: {
+ version: 10,
+ algorithm: ALG.AES_256_GCM,
+ algOptions: {},
+ versionBytes: 1,
+ flagsBytes: 1,
+ ivBytes: 12,
+ saltBytes: 16,
+ tagBytes: 16,
+ keyDeriver: KD.SCRYPT,
+ keyBytes: 32,
+ },
+ 11: {
+ version: 11,
+ algorithm: ALG.CHACHA20_POLY1305,
+ algOptions: {
+ authTagLength: 16,
+ },
+ versionBytes: 1,
+ flagsBytes: 1,
+ ivBytes: 12,
+ saltBytes: 16,
+ tagBytes: 16,
+ keyDeriver: KD.SCRYPT,
+ keyBytes: 32,
+ },
+ 12: {
+ version: 12,
+ algorithm: ALG.XCHACHA20_POLY1305, // Not yet available, but would prefer even more...
+ algOptions: {
+ authTagLength: 16,
+ },
+ versionBytes: 1,
+ flagsBytes: 1,
+ ivBytes: 24,
+ saltBytes: 16,
+ tagBytes: 16,
+ keyDeriver: KD.SCRYPT,
+ keyBytes: 32,
+ },
+ 13: {
+ version: 13,
+ algorithm: ALG.AES_256_GCM,
+ algOptions: {},
+ versionBytes: 1,
+ flagsBytes: 1,
+ ivBytes: 12,
+ saltBytes: 16,
+ tagBytes: 16,
+ keyDeriver: KD.SHAKE256,
+ keyBytes: 32,
+ },
+ 14: {
+ version: 14,
+ algorithm: ALG.CHACHA20_POLY1305,
+ algOptions: {
+ authTagLength: 16,
+ },
+ versionBytes: 1,
+ flagsBytes: 1,
+ ivBytes: 12,
+ saltBytes: 16,
+ tagBytes: 16,
+ keyDeriver: KD.SHAKE256,
+ keyBytes: 32,
+ },
+ 15: {
+ version: 15,
+ algorithm: ALG.XCHACHA20_POLY1305, // Not yet available, but would prefer even more...
+ algOptions: {
+ authTagLength: 16,
+ },
+ versionBytes: 1,
+ flagsBytes: 1,
+ ivBytes: 24,
+ saltBytes: 16,
+ tagBytes: 16,
+ keyDeriver: KD.SHAKE256,
+ keyBytes: 32,
+ },
+ 16: {
+ version: 16,
+ algorithm: ALG.AES_256_GCM,
+ algOptions: {},
+ versionBytes: 1,
+ flagsBytes: 1,
+ ivBytes: 12,
+ saltBytes: 16,
+ tagBytes: 16,
+ keyDeriver: KD.BLAKE2B512,
+ keyBytes: 32,
+ },
+ 17: {
+ version: 17,
+ algorithm: ALG.CHACHA20_POLY1305,
+ algOptions: {
+ authTagLength: 16,
+ },
+ versionBytes: 1,
+ flagsBytes: 1,
+ ivBytes: 12,
+ saltBytes: 16,
+ tagBytes: 16,
+ keyDeriver: KD.BLAKE2B512,
+ keyBytes: 32,
+ },
+ 18: {
+ version: 18,
+ algorithm: ALG.XCHACHA20_POLY1305, // Not yet available, but would prefer even more...
+ algOptions: {
+ authTagLength: 16,
+ },
+ versionBytes: 1,
+ flagsBytes: 1,
+ ivBytes: 24,
+ saltBytes: 16,
+ tagBytes: 16,
+ keyDeriver: KD.BLAKE2B512,
keyBytes: 32,
},
};
+Object.defineProperties(allVersions, {
+ ALG: {
+ enumerable: false,
+ get: () => ALG,
+ },
+ KD: {
+ enumerable: false,
+ get: () => KD,
+ },
+});
+
module.exports = allVersions;
\ No newline at end of file
projects / squeep-mystery-box / blobdiff